WFTPD contains a flaw that may allow a remote denial of service. The issue is triggered when a logged-in user issues an out-of-sequence RNTO command, and will result in loss of availability for the WFTPD service.
(Description Provided by CVE) : Buffer overflow in Texas Imperial Software WFTPD Pro Server 188.8.131.52 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.
(Description Provided by CVE) : WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
(Description Provided by CVE) : Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.
(Description Provided by CVE) : WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.
(Description Provided by CVE) : WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).
WFTPD FTP Server contains a flaw that may allow a malicious user to crash the FTP service. The issue is triggered when the service receives large amounts of data without terminating characters. It is possible that the flaw may allow the service to consume 100% of the system CPU and memory resources, resulting in a loss of availability.
A remote overflow exists in WFTPD. The product fails to perform correct boundary checks on "SIZE" commands, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
An overflow exists in WFTPd and WFTPd Pro. The server fails to properly sanitize LIST, NLST, and STAT commands, resulting in a process stack overflow. With a specially crafted request, an attacker can execute arbitrary commands with the privileges of the ftpd, resulting in a loss of confidentiality, integrity, and/or availability.
WFTPD Pro Server contains a flaw that may allow a local denial of service. The issue is triggered when the Xerox Docutech option is set to one and a specially crafted "MKD" or "XMKD" FTP command is issued, and will result in loss of availability for the service.
(Description Provided by CVE) : The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method.
(Description Provided by CVE) : ** DISPUTED ** Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed.
(Description Provided by CVE) : Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.